package com.epam.edu.command;

import com.epam.edu.constant.Role;
import com.epam.edu.dao.DAOUser;
import com.epam.edu.db.ConnectionPool;
import com.epam.edu.entity.User;
import com.epam.edu.util.CryptoUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.SQLException;

public class RegistrationCommand implements Command {
    @Override
    public String perform(HttpServletRequest request, HttpServletResponse response) throws IOException, SQLException, NoSuchAlgorithmException {
        String message = null, path = null;
        StringBuilder errorMessage = new StringBuilder();
        String userName = request.getParameter("userName");
        ConnectionPool pool = null;
        Connection connection = null;
        HttpSession session = request.getSession();
        try {
            ConnectionPool.init();
            pool = ConnectionPool.getInstance();
            connection = pool.takeConnection();
            if (session.getAttribute("userId") != null) {
                path = "/WEB-INF/jsp/admin/registrationAdmin.jsp";
            } else {
                path = "/WEB-INF/jsp/user/registration.jsp";
            }
            errorMessage.append((DAOUser.isUser(connection, userName)) ? "A user with that name already exists<br>" : "");
            String password = request.getParameter("password");
            String confirmPassword = request.getParameter("confirmPassword");
            errorMessage.append((!password.equals(confirmPassword)) ? "Password and confirm password do not match<br>" : "");
            if (errorMessage.length() == 0) {
                password = CryptoUtils.SHA1(password);
                if (session.getAttribute("userId") != null) {
                    message = registerUserAsRole(connection, userName, password, confirmPassword, Role.ADMIN);
                } else {
                    message = registerUserAsRole(connection, userName, password, confirmPassword, Role.USER);
                }
            } else {
                request.setAttribute("errorMessage", errorMessage);
            }
            request.setAttribute("message", message);
        } catch (SQLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return path;
    }

    private String registerUserAsRole(Connection connection, String userName, String password, String confirmPassword, Role role) {
        String message = null;
        User user = new User(userName, password, role);
        int id = DAOUser.add(connection, user);
        if (id != -1) {
            user.setId(id);
            message = String.format("You are registered on the site 'Admissions'.<br> Your username: %s.<br> Password: %s",
                    userName, confirmPassword);
        }
        return message;
    }
}
